Support for signing secureboot artifacts using AWS KMS #8197
Comments
@defreng you said you had some draft PR for it?
hey @smira the PR mentioned above is the draft PR I have prepared and tested successfully.
smira
pushed a commit
to edgrz/talos
that referenced
this issue
Feb 15, 2024
Fixes siderolabs#8197 Signed-off-by: pardomue <[email protected]> Signed-off-by: Andrey Smirnov <[email protected]>
smira
pushed a commit
to edgrz/talos
that referenced
this issue
Feb 16, 2024
Fixes siderolabs#8197 Signed-off-by: pardomue <[email protected]> Signed-off-by: Andrey Smirnov <[email protected]>
smira
pushed a commit
to smira/talos
that referenced
this issue
Feb 21, 2024
Fixes siderolabs#8197 Signed-off-by: pardomue <[email protected]> Signed-off-by: Andrey Smirnov <[email protected]> (cherry picked from commit 5372188)
dsseng
pushed a commit
to dsseng/talos
that referenced
this issue
Mar 7, 2024
Fixes siderolabs#8197 Signed-off-by: pardomue <[email protected]> Signed-off-by: Andrey Smirnov <[email protected]>
Feature Request
Currently, the imager only supports Azure Key Vault as a key management solution for signing artifacts without requiring direct access to the private keys.
We are bound to AWS offerings on our side and would like to use AWS KMS for the same purpose. This brings a little extra complication, as AWS KMS doesn't offer signed certificates for the contained keys.
The options we were thinking about are: